Main Page | Data Structures | File List | Data Fields | Globals

example_escrow.c File Reference


Detailed Description

config.xml

Here is a sample of the client configuration file. All the client needs is DNS name of the server, the TCP port number and the SSL certificate authority certificate used to verify the identity of the server.

   <ESCROW>

       <SSL_CLIENT_CERT> 

           /usr/share/ssl/certs/ca_cert.pem

       </SSL_CLIENT_CERT>

       <SERVER_NAME> 

           lagrange.wfunet.wfu.edu 

       </SERVER_NAME>

       <TCP_PORT> 

           1111 

       </TCP_PORT>

   </ESCROW>

To create the escrow client the following patches should be applied:

 patch Common/Volumes.c    < ../linux/Volumes.patch
 patch Linux/Cli/Cli.c     < ../linux/Cli.escrow_patch
 patch Linux/Cli/Makefile  < ../linux/Makefile.patch

Patch for Volumes.c (Volumes.patch)

This is the patch to add the escrow ability to the Volumes.c file.

--- Volumes_original.c  2007-08-08 20:52:40.000000000 -0400
+++ Volumes.c   2007-08-08 20:52:40.000000000 -0400
@@ -183,8 +183,11 @@
                                memcpy (cryptoInfo->key_salt, keyInfo.key_salt, PKCS5_SALT_SIZE);
                                cryptoInfo->pkcs5 = pkcs5;
                                cryptoInfo->noIterations = keyInfo.noIterations;
 
+                                // WFU escrow 
+                                WFU_escrow_callback(cryptoInfo);
+
                                // Init the encryption algorithm with the decrypted master key
                                status = EAInit (cryptoInfo->ea, keyInfo.key + DISK_IV_SIZE, cryptoInfo->ks);
                                if (status == ERR_CIPHER_INIT_FAILURE)
                                        goto err;

Patch for Cli.c (Cli.escrow_patch)

This is the patch to add the escrow ability to the Cli.c file.

--- Cli_original.c      2007-08-08 20:52:40.000000000 -0400
+++ Cli_escrow.c        2007-08-22 19:07:46.000000000 -0400
@@ -90,8 +90,267 @@
 static uid_t RealUserId;
 static gid_t RealGroupId;
 static int LastExitStatus;
 
+/* ========================== *
+ *     BEGIN: WFU Escrow      *
+ * ========================== */
+
+
+
+
+#define WFU_MAX_USERNAME 1024
+
+
+#define WFU_USERNAME_PROMPT "Enter your network username:"
+
+
+#define WFU_PASSWD_PROMPT "Enter the network passwd for \'%s\':"
+
+
+#define WFU_NUMBER_OF_TRIES 3
+
+
+#include "WFU.h"
+#include "libconfig.h"
+
+
+
+static int WFU_check_errors()
+  {
+    int count = 0;
+
+    if (wfu_error_no > 0)
+      {
+        printf("\n\n");
+        printf("The escrow servcie experience problems.\n"); 
+      }
+
+    if (WFU_is_error(WFU_ERR_TIMEOUT))
+      { 
+        WFU_unset_error(WFU_ERR_TIMEOUT); 
+        printf(" -> Error: Network Timeout.\n\n"); 
+        return 1;
+      }
+
+    if (WFU_is_error(WFU_ERR_SSL_INVALID))
+      { 
+        WFU_unset_error(WFU_ERR_SSL_INVALID); 
+        printf(" -> Error: SSL Certificate Invalid.\n\n"); 
+        return 1;
+      }
+
+    if (WFU_is_error(WFU_ERR_LOGIN))
+      { 
+        WFU_unset_error(WFU_ERR_LOGIN); 
+        printf(" -> Error: Login Failure\n"); 
+        count++; 
+      }
+
+    if (WFU_is_error(WFU_ERR_NETWORK))
+      { 
+        WFU_unset_error(WFU_ERR_NETWORK); 
+        printf(" -> Error: Network Failure\n"); 
+        count++; 
+      }
+
+    if (WFU_is_error(WFU_ERR_FILE))
+      { 
+        WFU_unset_error(WFU_ERR_FILE); 
+        printf(" -> Error: Failure reading SSL certificate file\n"); 
+        count++; 
+      }
+
+    if (WFU_is_error(WFU_ERR_SSL))
+      { 
+        WFU_unset_error(WFU_ERR_SSL); 
+        printf(" -> Error: SSL Failure\n"); 
+        count++; 
+      }
+
+    if (WFU_is_error(WFU_ERR_KEY_STORAGE))
+      { 
+        WFU_unset_error(WFU_ERR_KEY_STORAGE); 
+        printf(" -> Error: Storage failure while attempting to escrow the keys.\n"); 
+        count++; 
+      }
+
+    if (WFU_is_error(WFU_ERR_PROT_VIOLATION))
+      {
+        WFU_unset_error(WFU_ERR_PROT_VIOLATION);
+        //printf(" -> Error: protocol violation.\n");
+        count++;
+      }
+
+    if (wfu_error_no)
+      { 
+        WFU_error_printall();
+        count++; 
+      }
+
+    if (count > 0)
+        printf("\nError: Please check the log file for more information.\n\n");
+
+    return count;
+  }
+
+
+
+extern int WFU_escrow_callback(PCRYPTO_INFO cryptInfo)
+  {
+    struct wfu_data src;
+    struct wfu_uvid *uvid;
+    int pk_value = 0;
+    int tries = 0;
+
+    // Password buffer
+    static Password WFU_password;
+    Password WFU_passwd;
+
+    // Username buffer
+    static char WFU_username[WFU_MAX_USERNAME];
+
+    // Username and password as a null terminated string
+    char *WFU_username_string = NULL;
+    char *WFU_passwd_string = NULL;
+    char *WFU_config_file = NULL;
+    char *error_ptr;
+
+    /*
+     * Setup the parameters for the escrow service.
+     */
+
+    WFU_config_file = WFU_get_config_path();
+
+    if (! WFU_config_file)
+      {
+        printf("ERROR: Cannot read config file: ~/%s/%s\n",WFU_ESCROW_DIR,WFU_ESCROW_CFG);
+        return 0;
+      }
+
+    WFU_parse_config(WFU_config_file);
+
+    /* escrow? */
+    if ( ! AskYesNo ("\nDo you want to escrow the keys for this volume?", FALSE) )
+      {
+        // user does not want to escrow the keys
+        return 0;
+      }
+
+    // null out the username buffer
+    memset(WFU_username,0,sizeof(WFU_username));
+
+    // set the pointer for the username string to the beginning of the buffer
+    WFU_username_string = WFU_username;
+
+    // get the username
+    while (!WFU_username_string || !WFU_username_string[0])
+      {
+        WFU_username_string = AskString (WFU_USERNAME_PROMPT, WFU_username, sizeof (WFU_username));
+      }
+
+    /* Check to see if this key is alreay stored */
+
+    /* 
+     * Prepare the unique volume id
+     */
+
+    uvid = WFU_lib_prepare_uvid( (unsigned char*) WFU_username_string,
+                                 (unsigned char*) cryptInfo->key_salt,
+                                 (unsigned char*) &(cryptInfo->header_creation_time));
+
+    pk_value = WFU_lib_verify_uvid(uvid);
+
+    // ignore the KEY_NOT_FOUND error
+    // ignore the WFU_ERR_KEY_REDUNDANT error
+    if (!( WFU_is_error(WFU_ERR_KEY_NOT_FOUND) || WFU_is_error(WFU_ERR_KEY_REDUNDANT) ))    
+        if (WFU_check_errors()) return 0;
+
+    if (pk_value > 0)
+      {
+        //error: key alreay there
+        printf("The keys for this volume are already stored on the server.\n");
+        printf("This key escrow number is %d\n",pk_value);
+        return 0;
+      }
+
+    /* 
+     * Prepare the Crypto Info for storage
+     */
+
+    src.text = (unsigned char*) cryptInfo;
+    src.len = sizeof(CRYPTO_INFO);
+
+    tries = 0;
+    while ( (pk_value <= 0) && (tries < WFU_NUMBER_OF_TRIES) )
+      {
+        tries++;
+        AskPassword (WFU_PASSWD_PROMPT, WFU_username_string, &WFU_passwd, FALSE);
+
+        /* 
+         * Make a null terminated copy of the password for use in our escrow function
+         */
+   
+        // Allocate the memory +1 for the null
+        WFU_passwd_string = (char*) malloc( (1 + WFU_passwd.Length) * sizeof(char) );
+    
+        //copy the characters
+        strncpy(WFU_passwd_string,WFU_passwd.Text,WFU_passwd.Length);
+    
+        //add a null
+        WFU_passwd_string[WFU_passwd.Length] = '\0';
+    
+    
+        pk_value = WFU_lib_escrow(WFU_username_string,WFU_passwd_string,uvid, &src);
+
+    
+        if (pk_value <= 0)
+          {
+            if (WFU_is_error(WFU_ERR_LOGIN))
+              {
+                printf("Error: Login Failure\n");
+              }
+            else
+              {
+                if (WFU_check_errors()) return 0;
+              }
+          }
+
+        /* clean out the passwd_string */
+        memset(WFU_passwd_string,0,WFU_passwd.Length);
+        free(WFU_passwd_string);
+      }
+
+    if (pk_value <= 0)
+      printf("\nERROR: Was not able to escrow your keys.\n\n");
+    else
+      printf("Your key escrow number is %d\n",pk_value);
+
+    return 0;
+  }
+
+/* ========================== *
+ *     END: WFU Escrow        *
+ * ========================== */
+
 
 static void SecurityCleanup ()
 {
        burn (&password, sizeof (password));

Generated on Wed Oct 10 12:38:20 2007 for WFUCrypt by  doxygen 1.3.9.1